*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Jamie Strandboge 
(jdstrand):

Description:
With a corrupted menu entry in ~/.local/share/applications I can deceive a 
distracted user and have root access when he clicks on the entry.

Steps to reproduce the bug:
1. Go to ~/.local/share/applications.
2. With a text editor, open a desktop entry of a program that needs root 
access, such as Synaptic.
3. Replace the «Exec» field with:
Exec=gksu touch /hello
4. Open the entry you have modified.

What happens:
A distracted user can insert the password without noticing (especially if I use 
gksu --description and --message options to shadow the command) and the hello 
file will appear in /.

What's the matter?
For example, if instead of "touch /hello" I wrote "rm /*" all files will be 
destroyed. Also, I can put a trojan and control all the system. To corrupt the 
icon I can create a simple program (also a bash script) and if I spread it on 
the network it can be very dangerous!

** Affects: ubuntu
     Importance: Wishlist
         Status: Triaged

-- 
Root access with a corrupted menu entry
https://bugs.launchpad.net/bugs/152060
You received this bug notification because you are a member of Ubuntu Bugs, 
which is subscribed to the bug report.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
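
A defensive check for the condition in the report above, as an added example that is not part of the original bug report or of any Ubuntu tool: it flags per-user desktop entries whose Exec line runs a privilege wrapper, uses the gksu --description/--message options, or differs from the system entry of the same file name. The function names, the wrapper list and the sample entries are assumptions constructed for illustration.

```python
import shlex

PRIV_WRAPPERS = {"gksu", "gksudo", "kdesu", "pkexec", "sudo"}  # assumed list
PROMPT_OPTS = ("--description", "--message")  # gksu options named in the report

def exec_line(text):
    """Return the Exec value of the [Desktop Entry] group, or None."""
    group = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
        elif group == "Desktop Entry" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip() == "Exec":
                return value.strip()
    return None

def audit(user_entries, system_entries):
    """Return (file name, reasons) for per-user entries worth reviewing."""
    findings = []
    for name, text in sorted(user_entries.items()):
        cmd = exec_line(text)
        if not cmd:
            continue
        try:
            argv = shlex.split(cmd)
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            argv = cmd.split()
        reasons = []
        if argv and argv[0].rsplit("/", 1)[-1] in PRIV_WRAPPERS:
            reasons.append("runs a privilege wrapper")
            if any(a.split("=")[0] in PROMPT_OPTS for a in argv[1:]):
                reasons.append("replaces the password prompt text")
        system_text = system_entries.get(name)
        if system_text is not None and exec_line(system_text) != cmd:
            reasons.append("overrides the system entry's Exec")
        if reasons:
            findings.append((name, reasons))
    return findings

# Constructed sample data (file name -> contents), not taken from a real system.
SYSTEM = {"synaptic.desktop": "[Desktop Entry]\nName=Synaptic\nExec=gksu /usr/sbin/synaptic\n"}
USER = {
    "synaptic.desktop": "[Desktop Entry]\nName=Synaptic\nExec=gksu touch /hello\n",
    "notes.desktop": "[Desktop Entry]\nName=Notes\nExec=gedit %f\n",
}

if __name__ == "__main__":
    print(audit(USER, SYSTEM))
```

To run it against a real account, build the two dictionaries from the *.desktop files in ~/.local/share/applications and in the system applications directory.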
